On Wednesday, February 2, 2022 1:21:38 PM EST Alec Leamas wrote: > Dear list, > > On 02/02/2022 18:46, Michael Stone wrote: > > On Wed, Feb 02, 2022 at 10:16:36PM +0500, Andrey Rahmatullin wrote: > >> On Wed, Feb 02, 2022 at 12:12:30PM -0500, Michael Stone wrote: > >>> On Wed, Feb 02, 2022 at 11:39:11AM -0500, The Wanderer wrote: > >>> > Doesn't that, then, lead to the suggestion that any package entering > >>> > unstable without having undergone NEW review (which, in the revised > >>> > model, might be every new package) should automatically have a bug > >>> > >>> filed > >>> > >>> > against it requesting suitable review, and that bug should be > >>> > >>> treated as > >>> > >>> > a blocker for entering testing? > >>> > >>> Not really, since anyone in the world could close said bug (including > >>> the > >>> uploader). > >> > >> This applies to any RC bug. > > > > Yes, but in this case it means that we wouldn't have that minimal > > standard of at least one person other than the uploader having ever > > reviewed the package--which I think is a fairly low bar that we should > > meet. (It would be even better if we could add reviews for changes, but > > at any rate I don't think we should go backward here.) > > This is basically a question of social contracts and tooling. It can > IMHO certainly be done. > > But isn't this discussion on details moot until we clear out the > fundamentals such as the legal risk/cost analysis of dropping the NEW > queue in its current form i. e., the topic for this thread? > > And not least, some input from the ftp-masters team -- this discussion > is about a huge change in a process they currently manage. I am a member of the FTP Team and have been participating, at least a bit, in this thread. I am not, however, speaking for the team. In response to pings on #debian-ftp that a package in New just for a soname bump was blocking a transition, I took a look at it. As is our practice, I did review the status of the copyright and licensing documentation in the package's debian/copyright. It's pretty clear that even with going to New, the maintainer didn't bother to check at all. I did a simple grep: grep -ir copyright * > ../copyright_list pared the results down to just the copyright claims that are not correctly reflected in debian/copyright and it was 806 lines long and there were multiple undocumented licenses (I didn't count them). Maybe I'm just frustrated with that experience right now, but I have zero sense that there's any real interest in improving the quality of the archive in this regard from people not on the FTP Team. If people think reviews by the broader community can replace New, I would invite you to get started on the work and demonstrate that there is sufficient interest in doing the work. There are plenty of in-archive issues to be found and fixed. I would certainly not support the notion that we have too few licensing documentation bugs in the archive and we can afford to dismantle the one process we have in place that actually makes a difference in this area. Scott K
Attachment:
signature.asc
Description: This is a digitally signed message part.